
Image by: cottonbro studio
The critical need for network automation
Did you know network engineers spend 60% of their time on repetitive tasks like configuration backups and device checks? As networks grow more complex with multi-vendor environments (Cisco, Juniper, Arista), manual management becomes unsustainable. This technical tutorial provides ready-to-use Python scripts leveraging Netmiko and NAPALM to automate monitoring, backups, and compliance checks – potentially saving 20+ hours monthly for mid-sized networks.
Why automation matters now
- Cisco’s 2023 report shows 73% of network outages stem from human errors in manual configurations
- Juniper networks require 40% more commands than Cisco for equivalent configurations
- Multi-vendor environments increase complexity by 3× compared to single-vendor setups
« Automation isn’t optional anymore – it’s the oxygen for modern network operations, » says Michel Herbert, CCIE #6012.
Netmiko vs NAPALM: choosing your automation toolkit
Netmiko and NAPALM both solve network automation challenges but with different philosophies:
| Feature | Netmiko | NAPALM |
|---|---|---|
| Protocol support | SSH only | SSH + API |
| Data format | Raw text | Structured JSON |
| Vendor support | 40+ drivers | 8 core vendors |
| Learning curve | Moderate | Steeper |
When to use each tool
- Use Netmiko for quick SSH-based scripts requiring direct CLI access
- Choose NAPALM for standardized data collection and multi-vendor compliance
- Combine both for complex workflows (Netmiko for execution, NAPALM for validation)
Implementing secure SSH connections at scale
Secure automation starts with encrypted connections. Here’s a battle-tested approach using Python:
from netmiko import ConnectHandler
cisco_device = {
'device_type': 'cisco_ios',
'host': '10.0.0.1',
'username': 'admin',
'password': 'SecurePass123!',
'secret': 'enablepass',
'port': 22,
'session_log': 'network_log.txt'
}
connection = ConnectHandler(**cisco_device)
connection.enable()
output = connection.send_command('show run')
connection.disconnect()
Security best practices
- Always use SSHv2 with RSA keys instead of passwords
- Store credentials in encrypted vaults like Hashicorp Vault
- Implement session logging with sanitization
Mastering JSON data parsing for network insights
NAPALM transforms raw network data into structured JSON – here’s how to leverage it:
from napalm import get_network_driver
driver = get_network_driver('junos')
device = driver('10.0.0.2', 'admin', 'Jun!per123')
device.open()
interfaces = device.get_interfaces()
bgp_neighbors = device.get_bgp_neighbors()
print(json.dumps(interfaces, indent=2))
Key JSON outputs
- Interface statistics with error counters
- BGP neighbor state changes
- LLDP topology mappings
Automating compliance reports across vendors
Create unified compliance checks that work on Cisco IOS and Juniper JunOS:
def check_compliance(device):
compliant = True
report = []
config = device.get_config(retrieve='running')
if 'service password-encryption' not in config['running']:
compliant = False
report.append('Missing password encryption')
return {'host': device.hostname, 'compliant': compliant, 'issues': report}
Report automation workflow
- Collect configurations from all devices
- Validate against security baselines
- Generate HTML/PDF reports with deviations
- Trigger email alerts for critical issues
Frequently asked questions
Can Netmiko and NAPALM work together?
Absolutely. Use Netmiko for device-specific commands and NAPALM for standardized data collection. They complement each other in complex environments.
How secure are these automation scripts?
When properly configured with SSH keys and credential vaults, they meet enterprise security standards. Always follow principle of least privilege.
What about newer vendors like Arista?
Both libraries support Arista EOS through dedicated drivers. The JSON output structure remains consistent across vendors.
Conclusion
Mastering network automation with Python’s Netmiko and NAPALM transforms multi-vendor management from chore to strategic advantage. By implementing the scripts and techniques covered – from secure SSH connections to automated compliance reporting – teams can reduce manual work by 60% while improving network reliability. Ready to accelerate your automation journey? Explore our network automation toolkit for ready-made templates and expert support.
